1. Field of the Invention
The present invention relates to an information management system in which a plurality of terminal apparatuses for storing data and an information management server for managing management information concerning the data are connected to each other via a network. Particularly the present invention relates to a technology of confirming, through the information management server, that each of the terminal apparatuses has executed the processing that affects the management information on that data in a case where such processing was executed.
2. Description of the Related Art
In recent years, it has become possible to obtain digital works (hereinafter also referred to as “contents”) such as music, videos and games easily via distribution thereof recorded on package media as well as via the Internet and digital broadcasting. From the viewpoint of copyright protection or the like, various arrangements have been studied for restricting the number of reproductions, moving, copying and the like of these digital works in using them, namely, for managing the rights of these digital works and the licenses indicating the rights to use them and controlling the usage thereof (Digital Rights Management (DRM)).
When copying and moving these digital works and the licenses thereof between a plurality of terminals, such copying and moving within an unlimited range are not permitted, but copying and moving only within a certain limited range are permitted. It is considered in general that such copying and moving are permitted only between a plurality of terminal apparatuses owned by one user or various users.
In order to achieve such copying and moving within a certain limited range, it is necessary to form a group of terminals which are permitted to perform the processing such as copying and moving of contents between them. Such a group is managed based on group information used for determining whether or not a terminal belongs to the group, a terminal list indicating a list of terminals which belong to the group, and others.
To be more specific, in a case where terminal apparatuses within a predetermined range of numbers (5 or less, for example) with permission of the server forms a group, upon receipt of a request to register a new terminal apparatus into the group, the server judges whether or not the terminal apparatus can be registered in the terminal list, namely, whether or not a predetermined number of terminal apparatuses have already been registered. If the number of registered terminal apparatuses has not yet reached the predetermined upper limit, the server registers the new terminal apparatus in the terminal list and transmits, to that terminal apparatus registered in the terminal list, information (group information) that is unique to the group for determining whether or not the terminal apparatus belongs to the group. On the other hand, in a case where a terminal apparatus leaves the group, the server is notified that this terminal apparatus has deleted the group information after the deletion of the group information. Upon receipt of the notification of deletion, the server deletes that terminal apparatus from the terminal list. A system has been considered for permitting the processing (such as moving and copying) of digital works and the licenses thereof only between the group member terminal apparatuses which hold the group information, according to the above-mentioned arrangements.
The above-mentioned system allows restriction of the processing such as copying and moving of digital works, their licenses and the like within a permissible range, using simple arrangements.
In the above-mentioned system, however, a terminal apparatus does not always perform proper processing. If the terminal apparatus fraudulently notifies the information management server that it has deleted its own group information in spite of its failure of deletion, a problem arises that the group consists of more than a predetermined number of (5 or 10, for example) terminal apparatuses in an unauthorized manner, regardless of the limitation on the number of terminal apparatuses.
Such a problem is not limited to the case where each of the terminal apparatuses holds the group information, the server manages the terminal list concerning the group information, and any one of the terminal apparatuses notifies the server that it has deleted the group information when it deleted the information. But the same holds true, in general, for the information management system in which each of the terminal apparatuses holds some kind of data, the server manages the management information concerning that data, and any one of the terminal apparatuses notifies the server that it has executed the processing that affects the management information when it executed such processing.
Consequently, the object of the present invention is to solve the above-mentioned problem and to provide an information management system for preventing fraudulent acts conducted by a terminal apparatus, such as hiding of unauthorized execution of the processing that affects the management information.